Senior Security Consultant

Hi,

We are hiring Senior Security Consultant -VAPT Specialist for our client located in Kozhikode.

Position Summary

As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will also conduct client-side vulnerability checks for your diverse clients. These will include assessing their security postures and offering actionable recommendations to fortify their cybersecurity defenses.

As a senior VAPT specialist, you will engage in tasks that include:

Client Management & Communication

• Be the trusted security expert and advisor for your assigned clients in undertaking security assessments.
• Lead engaging briefings, provide status updates, and prepare effective presentations.
• Convert complex technical findings into insights that drive decision-making for our clients.
• Build relationships that not only last, but also ensure client satisfaction, trust, and value for your service-oriented projects.
• Document findings that guide you to derive solutions.

Threat Modeling & Risk Assessment

• Develop comprehensive threat models for client applications and infrastructure
• Conduct risk assessments and prioritize security findings based on business impact 
• Design attack scenarios and security test cases based on threat intelligence
• Collaborate with development teams to integrate security into SDLC processes

Red Team Operations

• Plan and execute red team exercises to simulate real-world attack scenarios
• Develop custom tools and exploits for specific client environments
• Conduct social engineering assessments and physical security testing when required
• Provide post-exercise debriefings and improvement recommendations

Documentation & Reporting

• Contribute to internal knowledge base and best practices documentation
• Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps
• Develop executive summaries tailored for C-level audiences
• Maintain accurate project documentation and testing methodologies

Required Qualifications

• Experience & Background
• 3-5 years of hands-on experience in vulnerability assessment and penetration testing
• Proven track record of successful client engagements and project delivery
• Experience with enterprise-level security assessments across various industries
• Demonstrated ability to work independently and manage multiple projects simultaneously

Technical Expertise

• Deep understanding of security frameworks and standards:
• Penetration Testing Execution Standard (PTES)
• OWASP Top 10 and OWASP Testing Guide
• SANS Top 25 Most Dangerous Software Errors
• NIST Cybersecurity Framework
• CIS Critical Security Controls
• MITRE ATT & CK Framework

Development & Programming Experience

Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended.

• Programming and Scripting Languages: If you're proficient in Python and Bash, that would be an added advantage. Additional experience in PowerShell is highly appreciated. Basic knowledge in at least one compiled language (C/C++, Go, Java, or C#)
• Custom Tool Development: You can efficiently develop custom security tools, exploits, and automation scripts
• Security Tools Expertise: You're the person who can confidently leverage security tools with expert-level proficiency, such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, OpenVAS, Metasploit, Cobalt Strike, Wireshark, tcpdump, Static analysis tools (SonarQube, Checkmarx, and Veracode), and Custom exploit development tools.

Social Engineering & Phishing Expertise

• Social Engineering Assessments: Design social engineering tests to trigger human response to various threat scenarios.
• Phishing Simulations: Run phishing simulations ethically.
• Physical Security Testing: Perform on-site assessments through tailgating, badge cloning, and facility penetration.
• Awareness Training: Provide security awareness training based on assessment findings
• OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation.

Communication & Language Skills

• Excellent communication skills (both written and spoken)
• Effectively communicate complex technical concepts to non-technical stakeholders
• Strong presentation and public-speaking abilities
• Can professionally draft technical documentation and reports

Professional Attributes

• Strong analytical and problem-solving abilities
• Attention to detail with a methodical approach to testing
• Ability to think like an attacker and anticipate security threats
• Commitment to ethical hacking principles and professional conduct
• Continuous learning mindset to stay current with emerging threats and technologies

Research-Oriented Mindset: Can deep research in all efficacy to understand emerging vulnerabilities, attack vectors, and security trends.

Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies for enhancing testing capabilities

Creative thinking for developing novel attack scenarios and bypassing security controls

Preferred Qualifications

Certifications: OSCP (Added Advantage), GPEN, CRTO, and CRT

Additional Experience (If any applicable)

• Experience with DevSecOps practices and CI/CD pipeline security
• Background in software development or system administration
• Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001)
• Experience with threat intelligence platforms and indicators of compromise
• Familiarity with containerization security (Docker, Kubernetes)
• Previous consulting or client-facing experience

Location: Govt. Cyberpark, Calicut

Experience: 3–5 Years

Be it undertaking vulnerability assessment or performing in-depth penetration testing, your role as a senior VAPT consultant highly counts when it comes to safeguarding our clients' critical assets by detecting threats and closing security gaps – proactively and efficiently. Where confidence, knowledge, and aptitude combine to effectively undertake high-profile security tests like ethical hacking, it is these qualities that we expect from you for the concerned role. Contact us if you believe you aptly fit in this role.